Re: [keycloak-user] Multi Tenancy

Monday, 10 March 2014

Travis.  Where are you deploying to?  Wildfly?  JBoss EAP?  Gonna try 
and work on your extension tomorrow to see if I can get it in by Alpha 3 
deadline.

On 3/2/2014 5:05 AM, Travis De Silva wrote:
...
 yes that sounds great. Thanks Bill

 On Sun, Mar 2, 2014 at 3:11 AM, Bill Burke <bburke(a)redhat.com
 <mailto:bburke@redhat.com>> wrote:

     I'll work on refactoring the adapters next week to help support
     this. Maybe if I get things cleaned up enough and provide some bare
     bones support for multi-tenancy you could take it over to help drive
     for your requirements?

     On 2/28/2014 3:57 PM, Travis De Silva wrote:

         On Sat, Mar 1, 2014 at 1:07 AM, Bill Burke <bburke(a)redhat.com
         <mailto:bburke@redhat.com>
         <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote:

              On 2/27/2014 11:31 PM, Travis De Silva wrote:

                  As per your future plans, if we can get a stateless
         keycloak
                  co-location
                  option and also enable external config in a DB when you
         refactor the
                  adapter code, that should cover the needs of most
         developers who
                  want to
                  go beyond the out of the box solutions.

                  BTW, I hope with the above changes it would be possible to
                  associate one
                  war with multiple realms and this is not a core
         keycloak structure
                  design issue.

              How soon you need this by?  Yesterday?  ;)

         In our project, I was going to build the security model with social
         login and was on the verge of using an open source social login
         library
         to start building it when like god sent the keycloak project
         appeared :)
         So I am not the one to demand and happy with the little miracles
         that
         come my way. Having said that, yesterday would be great :) But
         seriously
         if your Jira roadmap is sort of an indicator and beta 1 would be
         released end of Match, that timeframe is fine for us :)

              Like I said earlier, I don't think colocation is necessarily a
              requirement if we a) provided an option for public clients
         (don't
              require a client secret) or b) you had a shared secret between
              clients for all realms.  The adapter would just extract the
         realm
              name from the request, invoke on the keycloak server to get the
              public information about the realm (i.e. public key), then
         cache
              this information locally.

         I guess a shared secret would do. Just wondering why we can't
         use the
         keycloak-admin realm as the top level realm and use it's secret
         to get
         the realm info to be cached locally and from that point onwards, it
         falls into the current keycloak flow.

         I am assuming that the individual keycloak realm admins (as per the
         change done by Stin on KEYCLOAK-292
         <https://issues.jboss.org/__browse/KEYCLOAK-292
         <https://issues.jboss.org/browse/KEYCLOAK-292>>) will not be
         able to view

         the keycloak-admin realm info.

              Bill

              --
              Bill Burke
              JBoss, a division of Red Hat
         http://bill.burkecentral.com

     --
     Bill Burke
     JBoss, a division of Red Hat
     http://bill.burkecentral.com

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] Multi Tenancy